CLAIMS



WHAT IS CLAIMED IS: 



1. A method for propagating filters to an upstream device comprising:
generating a filter at a first network device;

sending information on said filter to a second network device located upstream
from said first network device; and

requesting said second network device to install said filter.

2. The method of claim 1 wherein generating a filter at a first network device 
comprises automatically generating said filter based on network flow entering the 
device. 

3. The method of claim 1 further comprising receiving information based on 
monitored network flow and removing said filter from the first network device when the 
network flow requiring said filter is no longer present. 

4. The method of claim 3 further comprising requesting said upstream device to
remove said filter. 

5. The method of claim 1 further comprising refining said filter at said first 
network device based on said monitored network flow. 

6. The method of claim 5 further comprising requesting the upstream network 
device to refine said filter. 

7. The method of claim 1 wherein generating a filter comprises detecting 
potentially harmful network flows and generating a filter to prevent packets 
corresponding to said detected potentially harmful network flows from passing through 
said network device. 

8. The method of claim 7 wherein generating filters further comprises 
classifying network flow based on a source device sending a packet. 

9. The method of claim 8 wherein the network flow is classified based on an 
address of the source device. 

10. The method of claim 1 wherein generating filters comprises analyzing
network flow entering said first network device. 



11. The method of claim 10 wherein analyzing said network flow is performed 
by software. 



12. The method of claim 10 comprising selecting a class of network flows to 
analyze based on previously analyzed network flows. 



13. A computer program product for propagating a filter to an upstream device, 
comprising: 

code that generates a filter at a first network device; 

code that sends information on said filter to a second network device located 
upstream from said first network device; and 

code that requests said second network device to install said filter. 

14. The computer program product of claim 13 wherein the computer readable
medium is selected from the group consisting of CD-ROM, floppy disk, tape, flash 
memory, system memory, hard drive, and data signal embodied in a carrier wave. 

15. The computer program product of claim 13 wherein the code that generates 
said filter comprises code that analyzes network flows and detects potentially harmful 
network flows. 

16. The computer program product of claim 13 further comprising code that 
removes said filter from the first network device when no longer required. 

17. The computer program product of claim 13 further comprising code that 
requests said upstream device to remove said filter. 

18. A system for propagating filters to an upstream device, comprising:
means for generating a filter at a first network device; 

means for sending information on said filter to a second network device located 
upstream from said first network device; and 

means for requesting said second network device to install said filter. 



19. A method for installing filters on connected network devices, comprising: 
analyzing network flows received at a first network device; 
generating a filter at a second network device based on said analyzed flows; and 
propagating said filter from the second network device to the first network
device.



20. The method of claim 19 wherein propagating said filter comprises 
propagating filter information upstream such that said filter is positioned closer to a 
source of said flows. 

21. A method for updating filters on a device, comprising:
receiving data at an upstream device; 

filtering at least a portion of the data before sending the data to a downstream
device;

sending statistics based on the data received at the upstream device to the 
downstream device; 

receiving filter information from the downstream device; and 

updating a filter installed on the upstream device. 

22. The method of claim 21 wherein receiving filter information comprises 
using a filter propagation protocol. 

23. The method of claim 22 wherein the filter propagation protocol is operable 
to create, remove, or modify existing filters. 

24. The method of claim 22 wherein the filter propagation protocol uses 
negative routing. 

25. A method for propagating filters to an upstream device, comprising:

sending filter information to the upstream device; 

receiving flow information based on network flow received at the upstream
device;

analyzing said flow information; and 

sending updated filter information to the upstream device. 



26. The method of claim 25 wherein said flow information includes a packet 
and byte count of packets received and dropped at the upstream device. 

27. A system for propagating filters to an upstream device comprising a
processor configured to send filter information to the upstream device, receive flow 
information based on network flow received at the upstream device, analyze said flow 
information, and send updated filter information to the upstream device; and memory 
for storing said flow information. 

28. A system for updating filters on a device comprising a processor configured
to receive data at an upstream device, send statistics based on the data received at the 
upstream device to a downstream device, receive filter information from the 
downstream device, and update a filter installed on the upstream device; a filter 
operable to filter at least a portion of the received data before sending the data to the 
downstream device; and memory operable to at least temporarily store said filter 
information. 